{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T22:07:12.183","vulnerabilities":[{"cve":{"id":"CVE-2024-40408","sourceIdentifier":"cve@mitre.org","published":"2024-11-13T23:15:04.060","lastModified":"2026-06-17T07:45:50.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges."},{"lang":"es","value":"Se descubrió que la versión anterior a v7.0.2.113 de Cybele Software Thinfinity Workspace contenía un problema de control de acceso en la sección Crear perfil. Esta vulnerabilidad permite a los atacantes crear perfiles de usuario arbitrarios con privilegios elevados."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"cybelesoft","product":"thinfinity_workspace","defaultStatus":"unknown","cpes":["cpe:2.3:a:cybelesoft:thinfinity_workspace:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThan":"7.0.2.113","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-11-25T19:49:02.377351Z","id":"CVE-2024-40408","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cybelesoft:thinfinity_workspace:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.2.113","matchCriteriaId":"6F68F62D-2F3C-4D7E-BE0F-56C418D27D6E"}]}]}],"references":[{"url":"https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}}]}